Digital transformation has expanded the threat landscape, and bad actors are exploiting new vulnerabilities. Cybercriminals have become more sophisticated in their attacks and have even escalated their activities in times of crisis. Microsoft’s 2021 Digital Defense Report found that the cybercrime economy is growing, nation state actors continue to target government agencies, supply chain software is at greater risk and the need to secure the hybrid workforce remains unchanged. For the Middle East and Africa (MEA), risk experts have pegged cyber incidents as the number one business risk in the region for 2022.
Security’s human side
Technology is constantly improving to defend organisations from malicious attacks; Microsoft analyses over 24 trillion signals a day to better protect our customers. However, while we rely on artificial intelligence (AI), machine learning and other solutions, these still require input from skilled cybersecurity professionals to thwart these attacks and achieve a robust security posture. The demand for more connected devices and environments in recent years has only accelerated the need for these specialists. As it stands, there is said to be an expected shortfall of 3.5 million jobs by 2025 in the cybersecurity industry globally – a worrying statistic given our reliance on technology throughout our daily lives.
Recent IDC research found that expanding an organisation’s security team in MEA was at times low on the list of steps to address security concerns. However, respondents in the region said they planned to prioritise upskilling and empowering their existing IT team’s technical knowledge as a method to create a robust and effective posture.
Often the challenge that IT departments and their security teams face is the need to make a case for greater investment in cybersecurity. Chief Security Advisor at Microsoft EMEA Roger Halbheer puts it simply, “Security can only be successful if you add business value.” CISOs can help bridge this gap between the technical and leadership by making a business case for cybersecurity and ensuring that even the CEO understands a company’s risk level. As noted by the IDC, security managers need to optimise their strategy for protection and bring it inline with the interests of their organisation.
Whether a company is considered an SME or a large multinational, safeguarding an organisation’s digital assets is no longer a choice, but rather a necessity. Integrating a company’s cybersecurity strategy into business decision making is essential. Just as new business practices come with their own inherent risks, so too do new technologies, and its these that must be factored into any decisions about technology, policy, or business practices. As much of the region’s activities have become more digitised, cybersecurity can no longer be viewed as a specialised risk that falls only within the IT department’s list of responsibilities.
In October last year, Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management at Microsoft, put out the call for more cybersecurity defenders. In her blog post, Jakkal talks about a new generation of cybersecurity professionals that are creating security for all. While the technical aspect of cybersecurity skills is in high demand, to truly succeed at protecting the online space, we need professionals with diverse backgrounds. This can be seen in studies that have found diverse teams make better decisions 87 percent of the time. The industry needs everyone from the likes of business and marketing to science and law. It’s these diverse perspectives that will protect our online ecosystems.
This new generation of cyber defenders will also have soft skills that will help bridge the gap between leadership and technical. Strength in a security team can also come from people who have great organisational and leadership skills and can practice empathy and clear communication. As Jakkal says, “Security is a team sport, and we’re all in this together.”
To promote a career in the industry and close the skills gap, Microsoft is actively helping to cultivate a skilled cybersecurity workforce. Earlier this year, we announced the expansion of our cybersecurity skills campaign to an additional 23 countries, including Israel and South Africa. Microsoft Cloud Society is also empowering thousands of members across MEA with skills paths tailored for careers in security. Cloud Society is also home to the One Million Arab Coders initiative and Saudi Innovation Center which offer courses in sought after digital careers.
While programmes and initiatives continue to bring more cybersecurity professionals into the fold, we need the sentries to stand guard now. In response, we have developed the Microsoft Security Experts service, which combines expert-trained technology with human-led services. By giving our customers direct access to our security expertise, we plan to better support companies and their IT teams to achieve the highest levels of security, compliance, identity, management and privacy.
Digital transformation has brought untold benefits, but it has also accelerated the need for cybersecurity professionals. The importance of investing in the next generation of diverse and highly skilled cyber defenders is great. Paired with the right digital solutions and tools, we can ensure that our virtual ecosystems are a safe place for all.